1. Despite the frequency and cost of data security breaches, why do you think some companies do not consider securing customer data as high a priority as other risks to their data systems operations? Chose one of the options a-d that you think best answers the question. Support your answer.
a. Much of the cost from stolen consumer data is borne by the credit card companies instead of the company whose system was breached. Any financial losses for the company are a cost of doing business.
b. This is a technological arms race and the crooks have more resources and incentives than the company. Often the company does not even know there has been a breach.
c. The Credit Card system in the US, with a magnetic stripe on each card, creates an environment where a thief can purchase large numbers of stolen credit card numbers and load them on blank cards. The EU system of chip and PIN eliminates this incentive
d. There are no reporting requirements, so many times the loss of customer data goes unreported and the company pays no (financial or public relations) cost.
2. If the government passed legislation regarding data breaches, to regulate or to punish companies who allow consumer data breaches, what should the legislation do? Select all the options that apply. Support each of your choices.
a. Fine the company that allowed the data breach to occur
b. Set up security standards (like the medical industry) with which a company must comply
c. Set up a consumer’s bill of rights to protect them from identity theft and financial loss due to a data breach
d. Require all data breaches to be reported.